Skip to content

Added functionality to read/return GroupName text.#532

Merged
decalage2 merged 19 commits intodecalage2:masterfrom
kirk-sayre-work:merge2master
Jan 31, 2020
Merged

Added functionality to read/return GroupName text.#532
decalage2 merged 19 commits intodecalage2:masterfrom
kirk-sayre-work:merge2master

Conversation

@kirk-sayre-work
Copy link
Copy Markdown
Contributor

@kirk-sayre-work kirk-sayre-work commented Jan 30, 2020

I have added functionality for the following:

  1. consume_MorphDataControl() now reads and returns the value of the GroupText field. The data for non-zero size GroupText fields was previously not being consumed so this may fix some errors on some documents. The GroupText value is now returned as one of the data elements for an embedded object. (Test Document Hash: fffa19ec1db3453a942c5090816e758585f11ecc1fc7dc942340be7cce6f1ad8)

  2. Added a --no-xlm option to skip extracting XLM macros (the default is still to extract XLM macros). I added this option since for some reason some documents take a very long time to process when XLM macro extraction is attempted.

  3. Tightened up the logic for detecting MHT files. Some malicious VBScript contain variables named 'mime', 'version', and 'multipart' which triggered a false MHT classification with the old check.

@kirk-sayre-work
Added support for reading ControlTipText field from OleSiteConcreteCo…
5029790 
…ntrol.

Save the Caption text returned from consume_LabelControl in dict returned from extract_OleFormVariables.
@kirk-sayre-work
Fixed oleform unit test for caption/controltiptext functionality.
2d4ecbd
@kirk-sayre-work
Merge https://github.com/decalage2/oletools
91c68aa
@kirk-sayre-work
Consume 2 null bytes between form element name value and tag value.
be2898f
@kirk-sayre-work
Merge remote-tracking branch 'upstream/master'
677d9ad
@kirk-sayre-work
Added --no-xlm option to skip extracting XLM macros.
4188b3d
@kirk-sayre-work
Set no_xlm flag when parsing subfiles.
a161fae
@kirk-sayre-work
Set default value of no_xlm field in VBA_Parser constructor.
1a75946
@kirk-sayre-work
Added no_xlm to to process_file_triage() method.
dc4dffd
@kirk-sayre-work
Consume 2 null bytes between name string and tag string if the file b…
5d9f21d 
…eing parsed has a tag or controltiptext.
@kirk-sayre-work
Merge remote-tracking branch 'upstream/master'
18f171b
@kirk-sayre-work
Added files to get setup.py to work.
c273238
@kirk-sayre-work
Fixed bug in detecting MHT files.
0b9f0d5
@kirk-sayre-work
Now reads in Caption and GroupName from MorphDataExtraDataBlock .
a3f1362
@kirk-sayre-work
Stop reading extra 2 bytes between name field and tag field.
bf1324d
@kirk-sayre-work
Merge remote-tracking branch 'upstream/master' into merge2master
e91694c
@kirk-sayre-work
Revert to original olevba.py.
240f9a2
@kirk-sayre-work
Added reading GroupName text to consume_MorphDataControl().
6f19011 
This may help prevent unread data being left in the OLE stream when the GroupName text size is > 0.
@kirk-sayre-work
Fixed merge error.
50851a0
@decalage2 decalage2 added this to the oletools 0.56 milestone Jan 31, 2020
@decalage2 decalage2 merged commit f178fd0 into decalage2:master Jan 31, 2020
@decalage2
Copy link
Copy Markdown
Owner

decalage2 commented Jan 31, 2020

Thanks for fixing the issues with PR #319 !

@decalage2 decalage2 mentioned this pull request May 5, 2020
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@decalage2 decalage2 decalage2 approved these changes

Assignees

No one assigned

Labels

oleform olevba tests 👍 enhancement

Projects

None yet

Milestone

oletools 0.56

Development

Successfully merging this pull request may close these issues.

2 participants

@kirk-sayre-work @decalage2